Tapestry
  1. Tapestry
  2. TAPESTRY-1604

Attributes of elements do not have entity values quoted (including the " character itself) resulting in invalid markup

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 5.0.5
    • Fix Version/s: 5.0.6
    • Component/s: None
    • Labels:
      None

      Description

      Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into " entities.

      import org.apache.tapestry.annotations.Persist;

      public class Example {

      @Persist
      private MyBean myBean;

      public MyBean getMyBean()

      { return myBean; }

      public void setMyBean(MyBean myBean)

      { this.myBean = myBean; }

      }

      public class MyBean {
      private String fullName = "Fred \"Fredmeister\" Flintstone";

      public String getFullName()

      { return fullName; }

      public void setFullName(String fullName)

      { this.fullName = fullName; }

      }

      Example.html:

      <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
      <body>
      <t:beanEditForm object="myBean" />
      </body>
      </html>

        Activity

        Hide
        Howard M. Lewis Ship added a comment -

        Although this was originally posed as an issue on the BeanEditForm, it's actually part of the DOM implementation used to render pages in general.

        Show
        Howard M. Lewis Ship added a comment - Although this was originally posed as an issue on the BeanEditForm, it's actually part of the DOM implementation used to render pages in general.
        Hide
        David Peterson added a comment -

        This problem also occurs with the TextField component. It is not a problem with the TextArea component.

        A workround is to explicitly set the "translate" property of all TextFields (for the BeanEditForm you have to provide blocks for each of them) to an instance of the following Translator:

        import org.apache.tapestry.translator.StringTranslator;

        public class SafeStringTranslator extends StringTranslator {

        public String toClient(String value)

        { return escapeXmlCharacters(super.toClient(value)); }

        private String escapeXmlCharacters(String s)

        { return s .replaceAll("&", "&") .replaceAll("\"", """) .replaceAll(">", ">") .replaceAll("<", "<"); }

        }

        Show
        David Peterson added a comment - This problem also occurs with the TextField component. It is not a problem with the TextArea component. A workround is to explicitly set the "translate" property of all TextFields (for the BeanEditForm you have to provide blocks for each of them) to an instance of the following Translator: import org.apache.tapestry.translator.StringTranslator; public class SafeStringTranslator extends StringTranslator { public String toClient(String value) { return escapeXmlCharacters(super.toClient(value)); } private String escapeXmlCharacters(String s) { return s .replaceAll("&", "&") .replaceAll("\"", """) .replaceAll(">", ">") .replaceAll("<", "<"); } }

          People

          • Assignee:
            Howard M. Lewis Ship
            Reporter:
            David Peterson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development